package com.zhou.shiro.handlers;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

/**
 * @author zhouplus [http://my.oschina.net/u/2303497/blog]
 * @since 1.0.0
 * @date  2016/5/11  19:11
 */
 
@Controller
public class ShiroHandler {

    @RequiresRoles("list")
    @RequestMapping("/list")
    public String list(){
        System.out.println("...list...");
        return "list";
    }



    @RequestMapping("/shiro-login")
    public String login(@RequestParam("username") String username,
                        @RequestParam("password") String password){
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);

        try {
            //执行认证操作
            subject.login(token);
        }catch (AuthenticationException ae) {
            System.out.println("登录失败:"+ae.getMessage());
            return "/shiro-login";
        }

        return "/shiro-success";
    }
}
